Sysdream

18 exploits Active since Apr 2016
CVE-2017-6086 EXPLOITDB HIGH WORKING POC
ViMbAdmin 3.0.15 - Cross-Site Request Forgery in DomainController and MailboxController
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.
CVSS 8.8
CVE-2016-7998 EXPLOITDB HIGH text WORKING POC
SPIP < 3.1.2 - Authenticated Remote Code Execution via Crafted INCLUDE/INCLURE Tag
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
CVSS 8.8
CVE-2016-7980 EXPLOITDB HIGH text WRITEUP
SPIP < 3.1.2 - Cross-Site Request Forgery via XML Validator
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
CVSS 8.8
CVE-2016-7982 EXPLOITDB HIGH text WORKING POC
SPIP < 3.1.2 - Path Traversal via var_url Parameter
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
CVSS 7.5
CVE-2017-6090 EXPLOITDB HIGH WORKING POC
PhpCollab < 2.5.1 - Authenticated Arbitrary File Upload via Client Logo Upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
CVSS 8.8
CVE-2017-6089 EXPLOITDB CRITICAL WORKING POC
phpcollab < 2.5.1 - Unauthenticated SQL Injection via project or id Parameters
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.
CVSS 9.8
CVE-2017-6088 EXPLOITDB HIGH WORKING POC
EyesOfNetwork < 5.0 - Authenticated SQL Injection via bp_name, display, search, equipment, or type Parameter
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
CVSS 7.2
CVE-2017-6087 EXPLOITDB HIGH WORKING POC
EyesOfNetwork eonweb < 5.0-0 - Authenticated OS Command Injection via selected_events[] Parameter
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.
CVSS 8.8
CVE-2018-10094 EXPLOITDB CRITICAL text WORKING POC
Dolibarr < 7.0.2 - SQL Injection via Integer Parameter
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVSS 9.8
EIP-2026-105784 EXPLOITDB text WORKING POC
Centreon 2.5.3 - Remote Command Execution
CVE-2015-6541 EXPLOITDB HIGH text WORKING POC
Zimbra Collaboration Server < 8.5 - Cross-Site Request Forgery via SOAP BatchRequest
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.
CVSS 8.8
EIP-2026-103204 EXPLOITDB text WORKING POC
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution
CVE-2017-11322 EXPLOITDB HIGH WORKING POC
UCOPIA Wireless Appliance < 5.1.7 - OS Command Injection via chroothole_client Argument
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
CVSS 8.2
CVE-2017-11321 EXPLOITDB HIGH WORKING POC
UCOPIA Wireless Appliance < 5.1.8 - Authenticated Privilege Escalation via Less Command Shell Metacharacter Injection
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
CVSS 7.2
CVE-2017-7997 EXPLOITDB CRITICAL text WORKING POC
gespage < 7.4.9 - SQL Injection via show_prn or show_month Parameter
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
CVSS 9.8
EIP-2026-102520 EXPLOITDB WORKING POC
OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities
CVE-2017-5869 EXPLOITDB HIGH ruby WORKING POC
Nuxeo Platform 6.0, 7.1-7.3 - Authenticated Path Traversal and Remote Code Execution via X-File-Name Header
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
CVSS 8.8
CVE-2018-10093 EXPLOITDB HIGH text WRITEUP
AudioCodes IP phone 420HD <2.2.12.126 - RCE
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
CVSS 8.8